Security expert: Iran and North Korea teaming up to fight malware like Duqu, Flame, Stuxnet

Iran and North Korea have been in bed together for a long time, but recently they threw off the covers for the whole world to see. At least one security expert thinks there is a malware angle here that is worth underlining.

At the start of this month, news broke that Iran and North Korea have strengthened their ties, specifically by signing a number of cooperation agreements on science and technology. The two states signed the pact on Saturday, declaring that it represented a united front against Western powers. Ayatollah Ali Khamenei, Iran’s Supreme Leader, told Kim Yong Nam, North Korea’s ceremonial head of state, that the two countries have common enemies and aligned goals.

On Monday, security firm F-Secure weighed in on the discussion. The company believes Iran and North Korea may be interested in collaborating against government-sponsored malware attacks such as Duqu, Flame, and Stuxnet.

“It’s highly likely that one of the reasons for this co-operation is for them to work together regarding their cyber defence and cyber offense strategies,” F-Secure security chief Mikko Hypponen told V3. “Both of these countries have clear interest in improving their cyber capability. And both of them have massive armies. Iran and North Korea have both armies that are among the 10 largest in the world.”

For the uninitiated, Stuxnet is a highly sophisticated piece of malware discovered in June 2010. It initially spreads via Windows, eventually targeting Siemens industrial software and equipment. Different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be uranium enrichment infrastructure in the country. Duqu, which was discovered in September 2011, is very similar to Stuxnet, is believed to have been created by the same authors, and is also related to the nuclear program of Iran.

Flame is the most recent such state-sponsored malware, and was discovered in May 2012. It is being used for targeted cyber espionage in Middle Eastern countries, but infections have also been reported in Europe and North America. It attacks Windows computers and can spread to other systems over a LAN or via USB stick. Flame is capable of recording audio, screenshots, keyboard activity, network traffic, and Skype conversations, and can even download contact information from nearby Bluetooth-enabled devices.

It has been widely speculated that Israel and the US have been involved in the development of at least one of these pieces of malware, and possibly all three.